Users of the encoder (including anim_encode.c) and areas of the encoder
itself rely on the status returned via WebPPicture.
Change-Id: Id786176b8ac3b2329d1e41b9dacbb8dcc5d822e4
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==13==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61900005b880 at pc 0x00000049ffc1 bp 0x7fff144f5b40 sp 0x7fff144f5310
READ of size 1028 at 0x61900005b880 thread T0
#0 0x49ffc0 in __asan_memcpy
#1 0x695861 in VP8BitWriterAppend src/utils/bit_writer_utils.c:186:3
#2 0x65acf9 in EncodeAlphaInternal src/enc/alpha_enc.c:169:14
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
This is the same issue that was fixed in the non-alpha lossless path in:
d49cfbb3 vp8l_enc,WriteImage: add missing error check
Bug: chromium:1455619
Change-Id: I6bd10de213707d3d6b7ce3d0d2b3942af45d317f
Remove the ambiguous 'should' which in other contexts might result in
questions as to whether it is a SHOULD or a MUST.
Change-Id: I9b396187ebde5ea5a0dbaf42daee6acf541258cd
VP8LBitWriterFinish() may cause the VP8LBitWriter's buffer to be grown.
If that allocation fails, VP8LBitWriterNumBytes() will return a size
larger than the current allocation resulting in a heap overwrite of the
missing bytes.
==3531848==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x61d000000880 at pc 0x556eddfa1007 bp 0x7ffe434c7a90 sp 0x7ffe434c7260
READ of size 2052 at 0x61d000000880 thread T0
#0 0x556eddfa1006 in __asan_memcpy
#1 0x556eddfeeccf in WebPMemoryWrite src/enc/picture_enc.c:220:5
#2 0x556ede0f9f87 in WriteImage src/enc/vp8l_enc.c:1454:8
Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).
Change-Id: Ib1c9454c2c51849b0ba58c5347e6bd5b02a12fbe
This prevents leaks should an allocation fail.
Spotted by Philippe Antoine (p dot antoine at catenacyber dot fr)
and https://github.com/catenacyber/nallocfuzz.
Change-Id: I07a8a475a282b18bf2f9015cc5b1120772babd48
The default was changed from 5MB to 64KB in 3.1.27 [1] causing image
decodes to fail. This restores the old default. In testing, 1536KB was
enough for the sample image, 1024KB was not.
[1]: https://github.com/emscripten-core/emscripten/blob/main/ChangeLog.md#3127---112922
Bug: webp:614
Change-Id: I1ff7afc72fa49d88d2efe88d2a04dfadbea3b1a5
Fixed: webp:614
Test: emcc 3.1.18 & 3.1.41
The buffers are made mandatory to match WebPDecodeYUVInto(), though this
conflicts with WebPIDecGetYUVA().
spotted by Oliver Kunz (okunz at google dot com)
Change-Id: Ic4740c53b75da6b93d4f3462303fb9be0ebfbd48
After the png_read_update_info() call, call png_get_channels() to find
out if the image has alpha.
Change-Id: I6fa709418744b4de90d10ff96eaeefe454ffa290
Within the 'Entropy image' subsection, its clear this is what is being
described in the following paragraphs. Remove 'as described below' from
the first sentence.
Bug: webp:611
Change-Id: I365d69c8f6963cd826849ebdd96e46206d38b55d
Move this to the top-level of the "Details" section as prefix codes are
discussed in both "Decoding and Building the Prefix Codes" and "Decoding
of Meta Prefix Codes"
Bug: webp:611
Change-Id: Ide2dfedf081d6c94122ac16ecded968ed760f90c
in the Transformations section describing decoding of the transform
data followed by the image data. The section numbers were adjusted by 1
in:
337cf69f webp-lossless-bitstream-spec: mv Nomenclature after Intro
Bug: webp:611
Change-Id: I4eede0d068fabdef51a140a0268436ab6629e8bb
Give some examples of repetition and binary value notation to limit the
need to follow the ABNF reference.
Bug: webp:611
Change-Id: I5b5a7632f011e1523b4a528653fe3630afba3e3e
in 6.2.3 Decoding Entropy-Coded Image Data.
The copying of distance code pixels cause some confusion during the
AUTH48 portion of the RFC review process.
Bug: webp:611
Change-Id: I78f547ae10c95f180355a4c93ec6d48acdc09141
Mostly grammatical and addition/subtraction of commas from the AUTH48
portion of the RFC review process.
The serial comma changes are based on the Chicago Manual of Style
(CMOS), 17th edition.
Bug: webp:611
Change-Id: I5ae2d1cc0196009dbf3a4c2195cc73c2ef809b49
preprocessing bits are informative, not the filtering bits.
since:
391f9db9 Ordering of description of bits in container spec
Change-Id: I1c0da963074ce9cf4d33a13b4b36c9421b3e3b9d
Mostly grammatical and addition/subtraction of commas from the AUTH48
portion of the RFC review process.
The serial comma changes are based on the Chicago Manual of Style
(CMOS), 17th edition.
Change-Id: Ic75abf2e53e09c8a849e28e9c40e16c127515287
The histograms count the occurrences of len/dist in entropy images.
Those (at most (1<<14) by (1<<14)) are sub-sampled by at least
MIN_HUFFMAN_BITS == 2, hence at most 24 bits in a histogram value.
At most, we multiply by 19 (because the longest histogram is of
size 40 and we do 40>>1, cf code) for the bit cost. So it all fits
in 32 bits.
Change-Id: Ife24b035f54794851ff31f2fac07901f724c6d7f
using the defaults present in 0.6.13 and setting
--first-comment-is-literal to avoid reflowing the copyright block and
--max-subgroups-hwrap 3 (default is 2) to avoid making some short set()
statements multi-line.
Change-Id: I3d90c025b5b2bb353046f4da19b8e442a044b902
Reference the section by number, rather than 'this section'. Fixes a
lint warning:
Style notice: Write unique, descriptive link text that makes sense
without the surrounding text. Don't use phrases such as this document,
this article, or click here.
https://developers.google.com/style/link-text?hl=en#write-link-text
Change-Id: Iab33e4980528dddb5eed4404d25a4a746705131a
remove AMENDED-notes (the last functional spec change to match with the
implementation is from 2014, other amendments are clarifications)
Bug: webp:581
Change-Id: Ic47739be0fd5a975fd734d6813567ca615304f1d
This can be tested by running:
cmake ../ -DWEBP_BUILD_ANIM_UTILS=OFF -DWEBP_BUILD_CWEBP=OFF -DWEBP_BUILD_DWEBP=OFF -DWEBP_BUILD_GIF2WEBP=OFF -DWEBP_BUILD_IMG2WEBP=OFF -DWEBP_BUILD_EXTRAS=OFF
Bug: webp:612
Change-Id: Ie06d8f0535676d6d31ff0047ff7a6c026e16118e